#!/bin/sh
################################################################################
#    Copyright (c) 2017, 2025 Red Hat Inc and others
#
#    This program and the accompanying materials are made
#    available under the terms of the Eclipse Public License 2.0
#    which is available at https://www.eclipse.org/legal/epl-2.0/
#
#    SPDX-License-Identifier: EPL-2.0
#
#    Contributors:
#        Red Hat Inc - initial API and implementation
#        Eurotech
################################################################################

# Check for Keycloak OpenID Connect integration
if [ -n "$KEYCLOAK_URL" ] && [ -n "$KAPUA_CONSOLE_URL" ]; then
   echo "Activating OpenID Connect Keycloak integration..."
   echo "  Keycloak: $KEYCLOAK_URL"
   echo "  Kapua:    $KAPUA_CONSOLE_URL"

   : KEYCLOAK_REALM=${KEYCLOAK_REALM:=kapua}
   : KEYCLOAK_CLIENT_ID=${KEYCLOAK_CLIENT_ID:=console}

   JAVA_OPTS="$JAVA_OPTS -Dsso.openid.provider=keycloak"
   JAVA_OPTS="$JAVA_OPTS -Dsso.openid.client.id=${KEYCLOAK_CLIENT_ID}"

   test -n "${KAPUA_OPENID_CLIENT_SECRET}" && JAVA_OPTS="$JAVA_OPTS -Dsso.openid.client.secret=${KAPUA_OPENID_CLIENT_SECRET}"

   JAVA_OPTS="$JAVA_OPTS -Dsso.openid.keycloak.uri=${KEYCLOAK_URL}"
   JAVA_OPTS="$JAVA_OPTS -Dsso.openid.keycloak.realm=${KEYCLOAK_REALM}"

   JAVA_OPTS="$JAVA_OPTS -Dconsole.sso.openid.home.uri=${KAPUA_CONSOLE_URL}"

# Check for generic OpenID Connect provider integration
elif [ -n "${KAPUA_CONSOLE_URL}" ] && [ -n "${KAPUA_OPENID_JWT_ISSUER}" ]; then
   echo "Activating OpenID Connect Generic integration..."
  echo "  OpenID Issuer: ${KAPUA_OPENID_JWT_ISSUER}"
  echo "  Console: ${KAPUA_CONSOLE_URL}"

  JAVA_OPTS="${JAVA_OPTS} -Dsso.openid.provider=generic"
  JAVA_OPTS="${JAVA_OPTS} -Dsso.openid.client.id=${KAPUA_OPENID_CLIENT_ID:-console}"
  test -n "${KAPUA_OPENID_CLIENT_SECRET}" && JAVA_OPTS="${JAVA_OPTS} -Dsso.openid.client.secret=${KAPUA_OPENID_CLIENT_SECRET}"
  JAVA_OPTS="${JAVA_OPTS} -Dconsole.sso.openid.home.uri=${KAPUA_CONSOLE_URL}"

  JAVA_OPTS="${JAVA_OPTS} -Dsso.openid.generic.jwt.audience.allowed=${KAPUA_OPENID_JWT_AUDIENCE:-console}"
  JAVA_OPTS="${JAVA_OPTS} -Dsso.openid.generic.jwt.issuer.allowed=${KAPUA_OPENID_JWT_ISSUER}"
  test -n "${KAPUA_OPENID_AUTH_ENDPOINT}" && JAVA_OPTS="${JAVA_OPTS} -Dsso.openid.generic.server.endpoint.auth=${KAPUA_OPENID_AUTH_ENDPOINT}"
  test -n "${KAPUA_OPENID_LOGOUT_ENDPOINT}" && JAVA_OPTS="${JAVA_OPTS} -Dsso.openid.generic.server.endpoint.logout=${KAPUA_OPENID_LOGOUT_ENDPOINT}"
  test -n "${KAPUA_OPENID_TOKEN_ENDPOINT}" && JAVA_OPTS="${JAVA_OPTS} -Dsso.openid.generic.server.endpoint.token=${KAPUA_OPENID_TOKEN_ENDPOINT}"
  test -n "${KAPUA_OPENID_USERINFO_ENDPOINT}" && JAVA_OPTS="${JAVA_OPTS} -Dsso.openid.generic.server.endpoint.userinfo=${KAPUA_OPENID_USERINFO_ENDPOINT}"
fi

# Multi Factor Authentication configurations

test -n "${CIPHER_KEY}" && JAVA_OPTS="${JAVA_OPTS} -Dcipher.key=${CIPHER_KEY}"
test -n "${MFA_TIME_STEP_SIZE}" && JAVA_OPTS="${JAVA_OPTS} -Dauthentication.mfa.time.step.size=${MFA_TIME_STEP_SIZE}"
test -n "${MFA_WINDOW_SIZE}" && JAVA_OPTS="${JAVA_OPTS} -Dauthentication.mfa.window.size=${MFA_WINDOW_SIZE}"
test -n "${MFA_SCRATCH_CODES_NUMBER}" && JAVA_OPTS="${JAVA_OPTS} -Dauthentication.mfa.scratch.codes.number=${MFA_SCRATCH_CODES_NUMBER}"
test -n "${MFA_CODE_DIGITS_NUMBER}" && JAVA_OPTS="${JAVA_OPTS} -Dauthentication.mfa.code.digits.number=${MFA_CODE_DIGITS_NUMBER}"
test -n "${MFA_TRUST_KEY_DURATION}" && JAVA_OPTS="${JAVA_OPTS} -Dauthentication.mfa.trust.key.duration=${MFA_TRUST_KEY_DURATION}"

# Device Mannagement Configurations
: DEVICE_MANAGEMENT_RESPONSE_STACKTRACE_SHOW=${DEVICE_MANAGEMENT_RESPONSE_STACKTRACE_SHOW:=false }
test -n "${DEVICE_MANAGEMENT_RESPONSE_STACKTRACE_SHOW}" && JAVA_OPTS="${JAVA_OPTS} -Ddevice.management.response.stacktrace.show=${DEVICE_MANAGEMENT_RESPONSE_STACKTRACE_SHOW}"

export JAVA_OPTS

# Continue with startup
exec /var/opt/jetty/run-jetty "$@"
